package org.apache.derby.impl.sql.conn;

import java.util.Iterator;
import java.util.List;
import org.apache.derby.iapi.error.StandardException;
import org.apache.derby.iapi.reference.Property;
import org.apache.derby.iapi.services.property.PropertyUtil;
import org.apache.derby.iapi.sql.Activation;
import org.apache.derby.iapi.sql.conn.Authorizer;
import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
import org.apache.derby.iapi.sql.dictionary.DataDictionary;
import org.apache.derby.iapi.sql.dictionary.StatementPermission;
import org.apache.derby.iapi.util.IdUtil;
import org.apache.derby.iapi.util.StringUtil;
import org.apache.derby.shared.common.reference.SQLState;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/derby-10.12.1.1.jar:org/apache/derby/impl/sql/conn/GenericAuthorizer.class
 */
/* loaded from: input_file:org/apache/derby/impl/sql/conn/GenericAuthorizer.class */
class GenericAuthorizer implements Authorizer {
    private static final int NO_ACCESS = 0;
    private static final int READ_ACCESS = 1;
    private static final int FULL_ACCESS = 2;
    private int userAccessLevel;
    boolean readOnlyConnection;
    private final LanguageConnectionContext lcc;

    /* JADX INFO: Access modifiers changed from: package-private */
    public GenericAuthorizer(LanguageConnectionContext languageConnectionContext) throws StandardException {
        this.lcc = languageConnectionContext;
        refresh();
    }

    private boolean connectionMustRemainReadOnly() {
        return this.lcc.getDatabase().isReadOnly() || this.userAccessLevel == 1;
    }

    @Override // org.apache.derby.iapi.sql.conn.Authorizer
    public void authorize(int i) throws StandardException {
        authorize((Activation) null, i);
    }

    @Override // org.apache.derby.iapi.sql.conn.Authorizer
    public void authorize(Activation activation, int i) throws StandardException {
        short sQLAllowed = this.lcc.getStatementContext().getSQLAllowed();
        switch (i) {
            case 0:
            case 5:
                if (isReadOnlyConnection()) {
                    throw StandardException.newException(SQLState.AUTH_WRITE_WITH_READ_ONLY_CONNECTION, new Object[0]);
                }
                if (sQLAllowed > 0) {
                    throw externalRoutineException(i, sQLAllowed);
                }
                break;
            case 1:
                if (sQLAllowed > 1) {
                    throw externalRoutineException(i, sQLAllowed);
                }
                break;
            case 2:
            case 3:
                if (sQLAllowed == 3) {
                    throw externalRoutineException(i, sQLAllowed);
                }
                break;
            case 4:
            case 6:
                if (isReadOnlyConnection()) {
                    throw StandardException.newException(SQLState.AUTH_DDL_WITH_READ_ONLY_CONNECTION, new Object[0]);
                }
                if (sQLAllowed > 0) {
                    throw externalRoutineException(i, sQLAllowed);
                }
                break;
        }
        if (activation != null) {
            authorize(activation.getPreparedStatement().getRequiredPermissionsList(), activation);
        }
    }

    /* JADX WARN: Finally extract failed */
    @Override // org.apache.derby.iapi.sql.conn.Authorizer
    public void authorize(List<StatementPermission> list, Activation activation) throws StandardException {
        DataDictionary dataDictionary = this.lcc.getDataDictionary();
        if (list == null || list.isEmpty() || this.lcc.getCurrentUserId(activation).equals(dataDictionary.getAuthorizationDatabaseOwner())) {
            return;
        }
        int startReading = dataDictionary.startReading(this.lcc);
        this.lcc.beginNestedTransaction(true);
        try {
            try {
                Iterator<StatementPermission> it = list.iterator();
                while (it.hasNext()) {
                    it.next().check(this.lcc, false, activation);
                }
                dataDictionary.doneReading(startReading, this.lcc);
            } catch (Throwable th) {
                dataDictionary.doneReading(startReading, this.lcc);
                throw th;
            }
        } finally {
            this.lcc.commitNestedTransaction();
        }
    }

    private static StandardException externalRoutineException(int i, int i2) {
        String str;
        if (i2 == 1) {
            str = SQLState.EXTERNAL_ROUTINE_NO_MODIFIES_SQL;
        } else if (i2 == 2) {
            switch (i) {
                case 0:
                case 4:
                case 5:
                case 6:
                    str = SQLState.EXTERNAL_ROUTINE_NO_MODIFIES_SQL;
                    break;
                case 1:
                case 2:
                case 3:
                default:
                    str = SQLState.EXTERNAL_ROUTINE_NO_READS_SQL;
                    break;
            }
        } else {
            str = SQLState.EXTERNAL_ROUTINE_NO_SQL;
        }
        return StandardException.newException(str, new Object[0]);
    }

    private void getUserAccessLevel() throws StandardException {
        this.userAccessLevel = 0;
        if (userOnAccessList(Property.FULL_ACCESS_USERS_PROPERTY)) {
            this.userAccessLevel = 2;
        }
        if (this.userAccessLevel == 0 && userOnAccessList(Property.READ_ONLY_ACCESS_USERS_PROPERTY)) {
            this.userAccessLevel = 1;
        }
        if (this.userAccessLevel == 0) {
            this.userAccessLevel = getDefaultAccessLevel();
        }
    }

    private int getDefaultAccessLevel() throws StandardException {
        String serviceProperty = PropertyUtil.getServiceProperty(this.lcc.getTransactionExecute(), Property.DEFAULT_CONNECTION_MODE_PROPERTY);
        if (serviceProperty == null) {
            return 2;
        }
        if (StringUtil.SQLEqualsIgnoreCase(serviceProperty, Property.NO_ACCESS)) {
            return 0;
        }
        if (StringUtil.SQLEqualsIgnoreCase(serviceProperty, Property.READ_ONLY_ACCESS)) {
            return 1;
        }
        return StringUtil.SQLEqualsIgnoreCase(serviceProperty, Property.FULL_ACCESS) ? 2 : 2;
    }

    private boolean userOnAccessList(String str) throws StandardException {
        return IdUtil.idOnList(this.lcc.getSessionUserId(), PropertyUtil.getServiceProperty(this.lcc.getTransactionExecute(), str));
    }

    @Override // org.apache.derby.iapi.sql.conn.Authorizer
    public boolean isReadOnlyConnection() {
        return this.readOnlyConnection;
    }

    @Override // org.apache.derby.iapi.sql.conn.Authorizer
    public void setReadOnlyConnection(boolean z, boolean z2) throws StandardException {
        if (z2 && !z && connectionMustRemainReadOnly()) {
            throw StandardException.newException(SQLState.AUTH_CANNOT_SET_READ_WRITE, new Object[0]);
        }
        this.readOnlyConnection = z;
    }

    @Override // org.apache.derby.iapi.sql.conn.Authorizer
    public final void refresh() throws StandardException {
        getUserAccessLevel();
        if (!this.readOnlyConnection) {
            this.readOnlyConnection = connectionMustRemainReadOnly();
        }
        if (this.userAccessLevel == 0) {
            throw StandardException.newException(SQLState.AUTH_DATABASE_CONNECTION_REFUSED, new Object[0]);
        }
    }
}
